The Purpose of Compliance: Promoting a Positive, Not Preventing a Negative
One thing about maintaining a blog – you have nightmares (alright something a little less than that) about consistency in writing. All of us can be accused of having “evolving” positions, so maybe that is my rationalization.
If you had to boil down the lessons of compliance, the reasons for its exponential growth in corporate governance, and the impact that compliance has had in corporate governance, I hope that everyone can agree – it is the positive benefits of a culture of ethics and compliance, not the fear-mongering, Chicken Little, strategy of the “sky is falling, the sky is falling.”
In other words, the power of ethics and compliance is maximized when the message is a positive one – we promote a compliance of ethics and compliance to ensure stability of the organization, positive beliefs in the purpose and leadership of our organization, and the sustainability of our organization to benefit all the stakeholders – shareholders, managers, employees and everyone who depends on our company. If this is the mantra of your company, you should be a happy executive, manager or employee.
On the other hand, if your ethics and compliance program is fixated on a negative message – if you do not follow the rules, you will go to jail, the organization will suffer dramatic consequences, including government prosecution, jail time for certain officials, heavy penalties, collateral consequences, and reputational damage. All of these consequences are negative, and all are the reason for our compliance program, to make sure that everyone follows the rules and the law. Nothing more, nothing less.
The trouble with the “Chicken Little” model is that it only appeals to one of man/woman’s instincts – fear of consequences. The negative model does not appeal to our more positive and motivating side – one that reflects are desire to work for an organization that makes a meaningful contribution to society through its broad ethical culture, commitment to two important concepts of trust and integrity, and builds an organization through positive leadership and values.
A symptom of the Chicken Little model is underscored when a CCO walks into a room for a meeting and some one says – “Be careful, the sheriff has just walked in.” Such a statement or attitude reflects a corporate culture tending toward the negative model and away from the positive.
If CCOs are viewed as enforcers, CCOs have more work to do to create a positive message and reputation. A CCO who is viewed as a problem solver is a far better image to have – one that works together with the business, compromises when necessary to build a business, and guides the organization to reinforce the positive messages while minimizing, as necessary, the message of enforcement.
Do not get me wrong – enforcement is important and the CCO plays a vital role in protecting the organization from misconduct. But the CCOs role is far more than just serving as an enforcer.
On the other extreme, however, I reject any notion that a CCO’s responsibility is primarily to allow businesses to do what they want, and then follow behind them picking up and minimizing risks. They are not the clean-up squad behind the business to eliminate or minimize risk. CCOs have to be involved in business planning, risk measurement and overall business planning as part of the risk management process. CCOs should never define risk and business opportunities (e.g. we will not go into Russia because the risks are too high), and they should not be relegated to managing risks in the aftermath of business planning and execution.
A compliance program should always stick to a positive message – we can get things done but we need to be mindful and attentive to our risks. Such a message is not inconsistent but reflects the reality of today’s business and enforcement environment.